Identity domain password policies should require strong passwords

oracle-cloud-infrastructure
Esta página aún no está disponible en español. Estamos trabajando en su traducción.
Si tienes alguna pregunta o comentario sobre nuestro actual proyecto de traducción, no dudes en ponerte en contacto con nosotros.

Description

Password policies in OCI Identity Domains should enforce strong passwords with a minimum length of 14 characters and require at least one numerical or special character. Strong password requirements help protect against brute force attacks and unauthorized access by making passwords more difficult to guess or crack. Organizations should configure both default and custom password policies to meet these minimum security standards.

Note: This rule excludes the system-provided simplePasswordPolicy and standardPasswordPolicy policies as these are not user editable, not assignable to groups, and do not apply as default policies. Custom password policies that are not assigned to any groups are excluded because they are not applied to any users and therefore have no effect.

Remediation

Configure password policies in your OCI Identity Domain to require a minimum length of 14 characters and at least one numerical or special character. For guidance on managing password policies in Identity Domains, refer to the Managing Password Policies section of the Oracle Cloud Infrastructure documentation.